package cn.wolfcode.web.controller;

import cn.wolfcode.domain.Employee;
import cn.wolfcode.qo.JsonResult;
import cn.wolfcode.service.EmployeeService;
import cn.wolfcode.service.PermissionService;
import cn.wolfcode.util.UserContext;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;
import java.util.List;

@Controller
public class LoginController {


    @RequestMapping("/login")
    @ResponseBody
    public JsonResult login(String username, String password){
      try{
         //封装令牌
          UsernamePasswordToken token = new UsernamePasswordToken(username, password);
          //利用shiro 的api 来进行登录
          SecurityUtils.getSubject().login(token);
          return new JsonResult();
      }catch(Exception e){
          e.printStackTrace();
          return new JsonResult(false,"登录错误");
      }
    }





    /*          Employee employee = employeeService.login(username,password);
          //session.setAttribute("EMPLOYEE_IN_SESSION",employee);
          UserContext.setCurrentUser(employee);
          //判断是否为超级管理员,如果是就没有查权限表达式的必要了
          if(!employee.getAdmin()){
              List<String> strings = permissionService.selectByEmpId(employee.getId());
              //session.setAttribute("PERMISSION_IN_SESSION",strings);
              UserContext.setPermissionExpression(strings);
          }
         //把员工的权限表达式集合存到session中*/
}
